Vulnerability found: WordPress 2.3-4.8.2 – Host Header Injection in Pass Reset

  • Resolved RadCon

    (@radcon)


    6 years, 6 months ago

    Hello,

    I’ve received this notification for all my sites today: “Vulnerability found: WordPress 2.3-4.8.2 – Host Header Injection in Password Reset”

    But this vulnerability has been fixed with WP 4.8.2, no?

    Best regards,
    Sonia.

Viewing 2 replies - 16 through 17 (of 17 total)
1 2
  • vignes.thomas@yahoo.fr

    (@vignesthomasyahoofr)

    6 years, 1 month ago

    Hi Glen.

    As wordpress should not correct the issue WordPress <= 4.9.4 – Application Denial of Service (DoS) (unpatched) (DDOS seems to be out of scope) can you please add an notification exception to this please ?

    Plugin Author Glen Scott

    (@glen_scott)

    6 years, 1 month ago

    The most recent version of my plugin allows you to ignore unpatched issues such as the DoS one you mention.

Viewing 2 replies - 16 through 17 (of 17 total)
1 2
  • The topic ‘Vulnerability found: WordPress 2.3-4.8.2 – Host Header Injection in Pass Reset’ is closed to new replies.